Posted
by
Roblimo
on Wednesday February 05, 2003 @01:15PM
from the black-hat-turns-white dept.

Kevin Mitnick has been crazy-busy with media tours and book promotion stuff, and apologizes for taking so long to answer your questions. But answer he has, at length and in detail, with a brief intro at the start to correct a story in which he says he was misquoted. He has some other things on which he wants to set the record straight, too. Lots of them. Strong stuff here.

Kevin:

I wish to make a correction to a story that was posted about my interview with Yahoo Internet Life magazine several months ago. The author misquoted a statement of mine that I wish to clarify for the entire Slashdot readership.

I had never recommended that the Federal Government establish a DNA database to track our identities or our locations. I explained to the journalist that I believed the government would use DNA as a means of authentication in the future. Of course, many Slashdot readers flamed me for something I never said, or that was taken out of context by the writer. Consider who I am and what I been through. Do you really believe that I would advocate such a thing? Absolutely not!

1) John Markoff (Score:5, Interesting)
by Memophage

Since 1995, we've been subjected to numerous articles, three books, and (for those who have managed to download a copy) a movie mostly based on information written about you by John Markoff. I've heard you rant about his demonizing writings, the damage they did to your reputation (particularly the '95 NYT article), and your inability to refute his assertions at the time since you were trying to avoid arrest. What are the pieces of misinformation that you'd most like to refute, and how much damage do you think the actions of this one reporter has done to your life?

Kevin:

John Markoff had first libeled me in his book, Cyperpunk, which he co-authored with his former wife, Katie Hafner. In and around 1990, Markoff and Hafner contacted me to request my participation for a book about three hackers, including myself. In considering their request, I asked about their budget to compensate me for my time and/or life story rights. Both Markoff and Hafner were unwilling to compensate me as a source, because it was unethical. I explained that it was unethical for me to give them my story for free. We were at an impasse.

Sometime later, Markoff or Hafner gave me an ultimatum to cooperate, or any statement made by any source would be reported as fact. As it turned out, that's exactly what Markoff and Hafner did. Markoff or Hafner interviewed other phone phreaker or hackers, including my co-conspirator, Steven Rhoades and Lenny Dicicco. One or both of these individuals had falsely claimed that I hacked into NORAD in 1983, coincidentally the year Wargames was released. I never attempted to compromise NORAD or any other military installations. Rather than verify the authenticity of their claims with the alleged victims, Markoff and Hafner just wrote their statements as fact.

When published in the early 90's, the book portrayed me as ultimate "Darkside Hacker." I truly believed that both Markoff and Hafner had acted with malice, because I refused to interview or cooperate unless I was paid. The authors made substantial efforts to cast me in the most unfavorable light, supported by false statements, presumably to get even with me and to increase interest in the "story."

Several months after Markoff's book was published, a movie producer phoned with great news: Hollywood was interested in making a movie about the Darkside Hacker depicted in Cyberpunk. I pointed out that the story was full of inaccuracies and untruths about me, but he was still very excited about the project. I accepted $5,000 for a two-year option, against an additional $45,000 if they were able to get a production deal and move forward. When the option expired, the production company asked for a six-month extension. By this time, I was gainfully employed, and so had little motivation for seeing a movie produced that showed me in such an unfavorable and false light. I refused to go along with the extension. That killed the movie deal for everyone, including Markoff and Hafner, who had probably expected to make a great deal of money from the project. Here was one more reason for John Markoff to be vindictive toward me.

I'd never met Mr. Markoff until February 17, 1995, at my second court appearance in Raleigh, and yet Mr. Markoff has literally become a millionaire by virtue of his libelous and defamatory reporting -- and I use the word "reporting" loosely -- about me in the New York Times and in his 1991 book Cyberpunk.

On July 4th, 1994, an article written by Mr. Markoff was published on the front page of the New York Times, above the fold. Included in that article were numerous un-sourced allegations about me that were stated as fact, which even a minimal process of fact-checking would have revealed as being untrue or unproven.

In that same defamatory article, Mr. Markoff falsely claimed that I had wiretapped the FBI (I hadn't), that I had broken into the computers at NORAD (which aren't even connected to any network on the outside), and that I was a computer "vandal" despite the fact that I never intentionally damaged any data I've ever accessed. Mr. Markoff even claimed that I foreshadowed the movie, War Games, when a simple call to the screenwriter of that movie would have revealed that he had never heard of me when he wrote his script.

Many of the same rumors were repeated in Markoff's subsequent New York Times stories of my arrest. Among the same false claims made in his 1994 article, Markoff had accused me of planting a false news story claiming that Security Pacific Bank lost millions of dollars when they withdrew a job offer. This claim is also false. Markoff's exaggerations about me were so egregious that one of the alleged victims in this case, the internet service provider The Well, demanded that Mr. Markoff issue a retraction for Mr. Markoff's overstatement of the damages claimed by him to have been caused by me.

I've learned a great many things in the past decade. I've learned that an unethical reporter for the New York Times who had a vendetta against me, had the power to destroy my life, based on his publication of repeated inaccuracies and outright falsehoods. I'll remind the reader that Mr. Markoff has failed to acknowledge a pre-existing relationship with me and with Tsutomu Shimomura since the publication of his false and defamatory article about me on July 4, 1994. Mr. Markoff has been hiding from the truth in this regard for over eight years.

I have stated repeatedly, that the crimes I committed were wrong, and that I deserved to be punished. I served nearly five years in prison as a result. As I said on the day I was released from Lompoc, I offered to plead guilty to the crimes I committed shortly after my arrest. Sadly, Mr. Markoff demonstrates no such sense of responsibility as he continues to insist his lies about me and my life, qualify as "reporting."

I sincerely believe that the Justice Department would not have labeled me a computer terrorist, and treated me as such, if it hadn't been for Markoff's false and defamatory reporting.

2) What were you thinking? (Score:5, Interesting)
by caferace

During your escapades which eventually landed you in hot water, you used the EFF account at The WELL to hide the files you stole from T. Shimomura. I'm still trying to figure out why the heck you did that. A simple "last" would have shown you that that was an active account, and
you could have guessed that the user was probably technically savvy enough to notice the sudden spike in disk usage. Was that just an act of
hacker hubris, or were you just not paying attention? Ultimately, it's
what led to your downfall (FBI monitoring your keystrokes, live tracing
of IPs) so I am well and truly curious.

Kevin:

I wasn't the only person who had access to Mr. Shimomura's computer systems and was storing information on The Well. Interestingly enough, the government never investigated the existence of any co-conspirators, once I was arrested. Kevin Mitnick was the only fish they wanted to fry.

Any accounts that were used by me had been dormant for at least three months. I changed the password to the account and shared it with other hackers. I overlooked checking cron for any scheduled scripts that were looking for disk hogs. We were discovered after a user was notified via a cron process that complained about our excessive disk usage. At the time, we didn't really care because the Well only contained a backup of the information we had stored. The same files were mirrored on several sites in the Netherlands, among others, that Shimomura and the FBI had never found. (No, I don't have any copies.)

While accessing the Well, I was carefree because my location was masked through many other computer systems and the cellular telecommunications network. I could have taken precautions by installing a covert backdoor to avoid the typical UNIX accounting and logging, but I didn't bother.

To avoid any traps and traces, I routinely compromised the local exchange carriers and cellular providers to gain access to their switches. Even if my connection was identified, I routed my data calls in a certain way that was very difficult to track in a reasonable amount of time. In one report, Shimomura had claimed that he and the FBI were unsuccessful at tracing any calls to the point of origin, but were only able to identify the cellular carrier.

As for avoiding detection, I underestimated the speed of the pursuit and that the FBI had been sharing confidential information, such as trap and trace data with Shimomura. Instead of tracing inbound calls, the cellular carrier did a terminating number search in their billing database searching for known Netcom POP dialups. As expected, the carrier identified the cell site and the MIN (mobile identification number) I was presently using. Since I changed my number on at least a daily basis, the cellular engineers monitored the cell site for anyone initiating data calls. Shimomura, Markoff, and the cellular provider's engineers used a Cellscope 2000 to trace the cellular radio signal to its origin (my location.)

Since I had just relocated to Raleigh within the last two weeks prior to my arrest, I was not vigilant in checking the dialup lines I used for caller line identification (trap and trace). Within hours of my arrest, I accessed the DMS switch only to notice that CLI (Caller Line Identification) had been put on the dialup hunt group assigned to Netcom in Research Triangle Park. I immediately started to investigate the extent of the surveillance and the party responsible for initiating the trap request. I found that an unidentified individual had accessed an account I was using at escape.com, from the Well's subnet. As I started to track down any logging of my activity, the U.S. Marshal Service and the FBI knocked on my door.

3) How Do You Plan on Getting Up to Speed? (Score:5, Interesting)
by bloxnet

I have read a bit about you, so I know that you were no slouch back in the days prior to your incarceration and release...but if you have
actually stuck with the limits of your probation how are you planning to jump into consulting again?

Don't get me wrong, but you can only advise people on social engineering and easy passwords for so long ... what kind of knowledge did you already have on PKI, VPNs, Firewalls, IDSes? There seems to be so much that has changed that just a cursory understanding of the principles behind these technologies does not seem sufficient to serve as a consultant (or at least one I would pay for).

Since so much has changed radically in the last few years, how have you kept up or do you plan to keep up at the moment? I can't see just
reading a book on the latest OS specs and administrative tasks and being able to consult on them without hands on experience, and in your case
you have quite a few years of language, os, security, and other operational technology advances to get up to speed with, etc.

So basically....what's you game plan to get back to a modern day equivalent of the proficiency you had several years ago?

Kevin:

There's a widespread misconception that I only used social engineering attacks to compromise my targets. Not so. I do admit, however, that social engineering was extremely effective in reaching my goals without resorting to using a technical exploit. I would look for the weakest link in the chain that was the least risk and cost to me. This involves looking at the big picture, rather than focusing on a single access point. For instance, if an attacker can walk into the server room without much chance of detection, that's all she wrote.

You are correct that security technologies have evolved in the last decade. I haven't been living in a vacuum, even though the Bureau of Prisons made efforts to restrict my reading material. I've kept up with the many trends in the industry and have been able to use computers for the last year prior to the expiration of my supervised release, as long as I didn't access the Internet. I have plenty of previous experience working with security technologies such as firewalls, operating systems, configuration and patch management. As far as PKI and IDSes, I've kept up with the technology by reading until the time I was finally permitted to use computers in January, 2002. Of course, I still have a lot to learn since security technologies are evolving rapidly, but I have no doubt that I'll be up to speed in no time.

As you know, security is not a product that can be purchased off the shelf, but consists of policies, people, processes, and technology.

4) Social Engineering (Score:5, Interesting) by dr_dank

I read your book and attended H2K2 last summer (I look forward to seeing you speak at the next one). I meant to ask this question to the Social
Engineering panel:

Do you have any stories about Social Engineering gone awry? That is, a situation where the mark saw right through your ruse and you just couldn't pull it off.

Kevin:

Not really.

If the target was uncooperative, or skeptical, I would backpedal out of the request to avoid generating suspicion, and move on to the next person.

On one occasion, I was challenged by a friend of mine to get his Sprint Foncard number. He said he would buy me dinner if I could get it. I couldn't pass up a good meal so I phoned customer service and pretended to be from the IT department. I asked the rep if she was having any difficulties with her computer. She wasn't. I asked her the name of the system she uses to access customer accounts, to verify I was working with the right service center. She gave it to me. Immediately thereafter, I called back and got a new service rep. I told her my computer was down and I was trying to bring up a customer account. She brought it up on her terminal. I asked her for the customer's Foncard number? She started asking me a million questions? What was your name again? Who do you work for? What address are you at? You get the idea. Since I did not exercise any due diligence in my research, I just made up names and locations. It didn't work. She told me she was going to report my call to security!

Since I had her name, I briefed a friend of mine on the situation and asked him to pose as the "security investigator" so he could take a report. He called back customer service and was transferred to the woman. The "security investigator" said he received a report that unauthorized people were calling to obtain proprietary customer information. After getting the details of the "suspicious" call, the investigator asked what information the caller was after. She said the customer's Foncard number. The "investigator" asked for the number. She gave it to him. Whoops! Case closed!

5) Big question (Score:5, Funny)
by GMontag

What is the password to my PayPal account? I forgot it a while back.

Kevin:

It's guym0nt4g. Hope that helps!

6) What's it like? (Score:5, Interesting)
by Pii

Slashdot has no shortage of technological "Rock Stars" (Linus, ESR, RMS, Bruce Perins, etc), but most of them didn't attain their fame as a result of being prosecuted to the fullest extent allowable by law ... You are a notable exception. What's it like being a rock star, and how
great is it that you'll now be able to fully capitalize on your fame in the financial sense? Would you be in as promising a position today had
you not run afoul of the law?

Kevin:

A rock star? That's funny. My senior editor at Wiley had said the same thing when I was at the RSA security conference last year. I don't feel like a rock star, at least my bank account doesn't reflect it. Maybe I should partner up with Eminem?

The truth of the matter is I never was a hacker out for fame or prestige. I have to thank two reporters (John Markoff, New York Times and John Johnson, LA Times) and overzealous Federal prosecutors for over sensationalizing the Mitnick case.

Soon after my arrest in February 1995, my attorney told me that Federal prosecutors were demanding that I participate in a CIA debriefing because of national security interests. I laughed out loud, asking him to repeat the request. He did. After I agreed to the ridiculous demand, they immediately lost interest. It appears that the prosecutors were hoping to try the first hacking-spy case. It must have been extremely disappointing for the Justice Department, once they realized the true facts of the case in comparison with my larger-than-life reputation. Nonetheless, I was treated worse than a person accused of industrial espionage, in large part because of the appearance that I was a "computer terrorist", although the government never pointed to any facts that supported this hypothesis.

On a positive point, my case has received world-wide attention, in large part, because of hyperbole and the total disregard of my constitutional and statutory rights as the accused. More specifically, I was held in solitary confinement for eight months, in order to prevent a possible nuclear strike being initiated by me from a prison payphone, and was held for an unprecedented four and one-half years without a bailing hearing.

I can honestly say that I paid a heavy price for trespassing into global networks and copying source code. I plan to capitalize on my knowledge and talent by helping businesses mitigate their security risks. Of course, having name recognition can help attract potential clients. One of my initial goals is to turn my image around from the most notorious hacker in the world, into a positive one.

7) Question about Trust (Score:5, Interesting)
by Neck_of_the_Woods

I realize that you may have put your cracking days behind you but can you really address the question of trust in the computer security industry? How has your move into the security industry been received by the establishment, and how have you been dealing with the obvious question of you being trusted in the very area you manipulated?

Kevin:

My career in the information security profession has been met with much enthusiasm and good wishes. Of course, there are people that believe that hiring reformed hackers is out of the question. I don't agree with that blanket assessment. In fact, many retired or former hackers have legitimate careers in the security professional to assist businesses with risk mitigation.

The issue of trust has been a difficult challenge for me to face. Many people have bought into "The Myth of Kevin Mitnick" that was fueled by John Markoff's reporting in the New York Times. I have been wrongly accused of computer-related crimes that never happened, let alone committed by me. I strongly believe these myths have caused people to form opinions about me that are not based solely in fact.

As described below, I was never accused of abusing a position of trust, profiting from any illegal activity, or intentionally destroying information or computer systems. I illegally hacked into networks to look at, or copy software to advance my goals in finding security vulnerabilities. What I did was wrong, and I regret it. At the same time, I would not place myself into the same category as a convicted industrial spy or embezzler. I believe that actions speak louder than words. Therefore, I've taken my knowledge, experience, and background and used it to assist government and businesses in their efforts to shore up their defenses.

Although I've turned over a new leaf, my critics will surely speak up and discourage others from retaining my services. It's interesting to note that a conflict of interest may affect the judgment of some of my colleagues who work in the same industry. I believe that former non-malicious (no intent to cause harm) hackers can be extremely valuable in helping businesses identify their weaknesses in technologies and procedures.

This question is really a question of balance. Does the prospective employee (former hacker) bring enough knowledge, experience, or skills that outweighs the risks associated with hiring that person? You have to closely examine the background, values, beliefs, goals, and attitude, to gauge the risk to the business. In some cases, the person can be hired to perform a service that is a low risk or even risk free. I firmly believe that once a person has paid their debt to society for past transgressions, that individual should be free to pursue legitimate employment opportunities that benefit society.

People are human, and they make mistakes. We all have to learn to accept this fact and forgive our brothers and sisters.

8) still possible (Score:5, Interesting)
by adamruck

Given the state of technology today, and some of the recent new laws passed, do you think that the path that you took would still be possible today?

Kevin:

I believe you're asking whether I could accomplish the same hacking feats that I did many years ago, in light of the advancement in security technology and the new laws giving law enforcement officials broad surveillance powers.

First of all, I've learned my lesson, so taking the path I did before, is personally out of the question for me. My illegal hacking days are far behind me.

Breaking into systems and networks is much easier today than it was a decade ago. I spent many hours (improperly) acquiring and examining source code to find security vulnerabilities. Once I found a vulnerability, I would code an exploit for it. After a while, it became a very time consuming process.

Back in my hacking days, I compromised CERT, several software manufacturers that developed operating systems I favored, and a selected group of "security researchers" that reported security vulnerabilities. My goal at the time was to have knowledge of all the security holes.

In today's world, anyone with an Internet connection can obtain "security assessment" tools and/or published proof-of-concept exploit code. This information can be used by an attacker to compromise his or her targets without even knowing how the tool works or the bug is exploited.

There is more than one way to skin a cat: systems and networks can be compromised by exploiting other weaknesses other than security bugs. The target may have limited physical security, personnel security, or trusted insiders that can be deceived or bribed to hand over the keys to the kingdom.

Unfortunately, too many organizations are lulled into a false sense of security when they acquire and implement typical security technologies, such as firewalls and antivirus software. Although these technologies are essential in mitigating risk, in my personal experience, I have combined technical attacks with social engineering to compromise my targets. It's a lethal combination. No technology in the world can stop people from being manipulated and deceived. As the site http://www.sqlsecurity.com posts, "there is no patch for stupidity."

Almost a decade after my arrest, computer systems and networks are still being successfully attacked on a daily basis. The saying, "The more things change, the more things stay the same" comes to mind.

The new laws such as the Patriot Act certainly gives law enforcement officials more surveillance powers, but it won't eliminate computer crime or hacking. The truth of the matter is the hacker mind does not consider the consequences when doing an illegal act, but gauges the risk of getting caught.

New Federal statutes certainly increase the risk (more surveillance without judicial review) of hackers being identified, but the more sophisticated ones will utilize new technologies, such as widespread open wireless networks, to stay under the government's radar.

The new amendment to existing Federal law making certain hacking offenses punishable by life in prison, without the possibility of parole, is ludicrous. More specifically, any person who recklessly or intentional causes serious bodily injury or death using a computer that affects interstate commerce, can be subject to this punishment. I don't understand why using a computer as a tool of the offense is such an aggravating circumstance. Should it matter whether it's a gun, motor vehicle, knife, hammer, or poison? The harm is still the same? Isn't it? If a person recklessly kills or serious injures another while driving, shouldn't that person be locked up for the rest of their life? In California, it's called involuntary manslaughter.

It appears the hyperbole of cyber terrorism has created a sense of fear surrounding using the computer as a tool to commit a crime. Unfortunately, the FUD (Fear, Uncertainty, and Doubt) has, in my opinion, been exploited by the Justice Department to advance their agenda of gaining more power and larger budgets.

9) What do you say? (Score:5, Interesting)
by PhysicsGenius

I've heard that you've expressed regret over the actions that landed you in jail and I think I even heard you say that you think you were in the
wrong. So how do you respond to the hundreds of wannabes who hacked sites "in your honor" and wore "Free Kevin" shirts at the risk of repelling girls? Do you owe them anything, even a little guidance towards the straight and narrow?

Kevin:

I do regret over my past actions involving my computer hacking activities. What I did was wrong, against the law, and I deserved to be punished.

However, the punishment in my case was extremely harsh and did not fit the crime. I equate my illegal actions not to a person who molests children or burglarizes a house (I heard these specious analogies before), but to a person who illegally copies software.

The difference in my case is the software was proprietary. I was not an industrial spy, nor did I ever attempt to profit or damage any systems or information that I had illegally accessed. The government falsely claimed I had caused millions of dollars of loss, in an effort to demonize me in the press and the court. The truth of the matter is I regretfully did cause losses, but nowhere near a million dollars. The theory the government used to reach those numbers was to use the same formula for traditional theft or fraud cases. When a person steals money or property, the Federal Sentencing Guidelines use the value of the property lost, damaged, or destroyed as the loss amount. This formula works well with tangible property, but when the property at issue is information, or in my case source code, does the same formula reflect the true intended or actual loss? The government requested that my victims provide their research and development costs as the value of the information I either copied, or reviewed online (source code). Federal prosecutors simply added up all the R&D costs associated with the source code I had accessed, and used that number (approx $300 million) as the loss, even though it was never alleged that I intended to use or disclosed any source code. Interestingly enough, none of my victims had reported any losses attributable to my activities to their shareholders, as required by securities laws. Unfortunately, due to media hyperbole, the unknowing public believes I had caused these tremendous losses.

To this day, I believe this "formula" was used to further the government's agenda to turn me into the poster boy for computer hacking. Although I had committed socially unacceptable acts through my hacking, I've been turned into this mythological Lex Luthor type character that can destroy the world. As I write these words, I think back to the publicity campaign for libelous book Takedown: He could have crippled the world. Only one man could stop him: Shimomura. Oh Please!

First and foremost, I really can't start a nuclear war from a prison payphone, as prosecutors alleged, which resulted in my being placed in solitary confinement for eight months.

I served over four and one-half years in a Federal detention center prior to trial or settling the charges against me.

I'm the only person in United States history that was held without an initial bail hearing.

My residence was searched with a blank search warrant at the time of my arrest in Raleigh.

A government informant, Ron Austin, was working at my attorney's office at the same time he was representing me.

The Free Kevin campaign was initiated by a group of people who realized that Federal prosecutors and the Federal judiciary had turned a blind eye to my constitutional rights and statutory law that protects any person accused of a crime. To my amazement, some people believe my treatment was justified. With that in mind, I must remind you that our forefathers have fought and died in wars to preserve our freedoms and inalienable rights that we hold dear to our hearts. These inalienable rights also include constitutional and procedural due process that every person accused of a crime. Would my detractors have a change of heart if they or their family and friends were treated in the same fashion? I would assume so. I spent over four and one-half years in prison as a presumed innocent man, because Federal prosecutors were very adept at manipulating the technically-challenged judge who presided over the case. For instance, one prosecutor argued that my attorney should not be able to review the electronic evidence with me on a laptop computer, because I could somehow break into the Bureau of Prisons computers and release myself from custody, or write a virus/worm that would somehow leak out from the computer and wreak havoc upon the free world. I was astonished that the judge bought into these scenarios, even when my attorney pointed out the laptop did not have modem or network capability.

As to the question, I never advocated or condoned anyone hacking or damaging any computer system or network, in an effort to bring attention to my cause. I released a similar statement at the time of the major hacks into Yahoo and the New York Times.

I don't encourage, and in fact, discourage anyone from doing any illegal activity that affects other's property rights. However, I do advocate hacking in the sense that it does not amount to illegal or unethical behavior. Since the cost of computing is significantly lower nowadays, one activity may involve setting up a LAN with different computing platforms and attacking those systems in order to find vulnerabilities. Furthermore, a group of people sharing similar interests may participate in finding vulnerabilities on each other's systems to invoke a challenge, without violating anyone's property rights.

As a young teenager in high school, my family could not afford to purchase any computer-related equipment to learn on. I'd hang out at Radio Shack and local universities, spending hours and hours learning on their computer systems. Perhaps I would have gone down a different path if I had legitimate access to technology as young people have today.

10) How about.... (Score:5, Interesting)
by Psx29

What is the first thing that you have done with access to the internet?

Kevin:

I've been spending a lot of time emailing people that have written me in the past couple of weeks. I have to admit, it was a lot easier to have family and friends helping me with email, because it's unmanageable at the moment. I intend to use the Internet as a means to help grow Defensive Thinking into a prominent security services company. The Internet, of course, is a powerful tool to communicate messages to potential clients.

At the same time, I plan to explore the new features of the Internet that did not exist in 1995. As we all know, the Net is a new medium for communication, association, and research. I intend to use the Net to its full potential to advance my professional and personal agendas.

"I intend to use the Internet as a means to help grow Defensive Thinking into a prominent security services company. The Internet, of course, is a powerful tool to communicate messages to potential clients."

Isn't that the same thing about a million dot-coms said? Someone get this guy a copy of "F'd Companies!"

Not that you wouldn't really use the mighty Internet to promote a computer security company...

...that any website Kevin sets up to promote his new company will be the the main focus of crackers/skript kiddies for the foreseeable future. Imaging the kudos in the playground if you managed to haxor "Mitnick's site"...

What we be just the coolest is if you hacked his site and put up a huge "Free Kevin" banner - a la 2600 and did the typical bad-grammar "Sh0u70u7 2 K3v1n - p1zz-0u7, d00d3rz!" that decorated all the hacked sites since he went into the slammer.

All of what you've said about markoff's libelous reporting is fine & dandy... But, do you have any way to prove it?

If you do, coroborating witnesses, documents, your location as to when these events were supposed to occur, go sue him for those millions of dollars he made from his fiction fantasy novels about your life!

Why should Kevin prove it? The writings were about Kevin's life. If anything Markoff needs to prove what he writes about someone is true.

This is akin to me writing about you and having you refute what I said. If I wrote that you like to have fun with yourself alone at night with a doll how will you refute it? The onus is on me to prove that you do not the other way around. Otherwise we level accusations at anyone we wish. This is also the basis of the U.S. Constitution where you're considered innocent until proven guilty.

Why should Kevin prove it? The writings were about Kevin's life. If anything Markoff needs to prove what he writes about someone is true.

*BUZZZZ* Wrong. Mitnick is making the accusation that Markoff comitted libel against him. To prove that he has to not only show that Markoff's statements about him were false, but that they were made with actual malice.

Mitnick's answer about Markoff was basically cut-and-paste from the unpublished chapter of his book that was up on the Register. He uses the word libel several times, but apparently he's not willing to put his court filings where his mouth is. Everyone who reads this interview has to decide for himself what that means.

Oh, Come one. The Times has a well documented track record of printing unsubstantiated bullshit. They may have been the Best Paper in the World 15 years ago, but they sure as hell ain't much more than a well respected World Weekly News today. Just follow OpinionJournal's Best of the Web, they regularly debunk NYTimes articles with cold hard facts.

I did love the writeup on how Saddam never gassed his oown people from last week. Considering the author of that piece had been debunked by even Amnesty International, it was a hoot.

But maybe you should have read his answer a little more closely--newspapers may not pay their sources, but certainly for a writer working on a book about some one to pay them wouldn't be unreasonable now would it? I imagine if someone wanted to write a biography on me (especially one packed with lies), unless I had joint authorship or editorial rights, I certainly wouldn't be terribly forthcoming in helping.

Perhaps part of the reason is that he won't sue for defamation (aside from moving on with his life and/or not having the money) is that you can't prove a negative. Tell me this, how does he prove that he never hacked NORAD? When you make that type of allegations against some one, they really can't disprove them. Sometime around 1990 I saw you making love to a sheep. Prove you didn't. And guess what, now everyone can write that it has been alleged that you sleep with sheep. Your are not an alleged sheep molestor, how's that feel? I understand and agree with the freedom the first ammendment guarantees the press. But the burden of proof on accusations needs to fall squarely on the shoulders of the accuser whether they are a member of the press or not.

I don't think you start by accepting $5000 on an option for a Hollywood treatment that shows you in an "unfavorable and false light."

Seems like Mitnick's claims of "falsifications" varied inversely with Mitnick's level of employment. Sounds like the same sociopathic blinders of people who try to rip off little old ladies in phone scams.

My impression is that Markoff interviewed people for info about Kevin, but never bothered verifying what he was told. So he has an out: what he wrote is true, based on his poor research.

Poor reporting is an American tradition. Errors appear all the time in the media. More often than not, they're due to poor understanding about a complex situation on the part of the reporter. The question is if Markoff knew his facts were false and wrote his works with the intention to cause harm, or if his fact-gathering merely came up with incorrect facts that he then used to create an interesting story.

I'm not sure what the burden is on the reporter to ensure that his facts are valid - most reporters do their best to ensure they have valid data because they make their livings off people trusting what they say. I'd assume that some effort must be made to verify the facts, although it's possible that having two people tell the same false story is legally enough to invalidate a libel claim. Libel is knowingly publishing false info - Markoff seems to have done his best to get only facts that paint Kevin in a bad light, but he still gathered those facts from sources he can point to and say that they told him something was true and he believed them.

However, this whole comment is based on poor research itself... I am not a lawyer or a law student, this is not legal advice, nor coherent, contents under presure; point away from eyes while opening.

As an engineer, the PEO will take away my livelihood if I do not properly verify and check over the background of calculations I'm given. Once I stamp something, I'm responsible for everything in it.

I cannot just use simulation software without being certain that it is accurate. I can't use someone elses calculations unless I am confident of them.

I worked damn hard to get this far, and people have high expectations of me. I fully expect the same of any other profession that can cause serious damage when they screw up.

It is not his job to believe them. The moment the possibility of doing real damage to a person appears, so do responsibility. If belief was the issue, madmen would make the best reporters - they'd allways have an off-the-wall story (my neighbor is Hussein's estranged son) that would be true - from there perspective. If they're going to print something about someone - they'd better be able to back it up properly, or else the damage done by the statement is their fault.

I found that an unidentified individual had accessed an account I was using at escape.com, from the Well's subnet.

This lead to the termination of a lot of "suspect" accounts on well.com of which mine was one. Pretty much anyone who had touched that shithole escape in any form (that could be proven) was given walking papers.

A criminal defendant can't sue for violation of civil rights based on his having been illegally searched or arrested if he or she was ultimately convicted of the underlying crime. Such a claim has to be (successfully) asserted in the criminal case by means of a motion to dismiss, by a direct appeal, or by a petition for habeas corpus. Heck v. Humphrey, 512 U.S. 477 (1994) [cornell.edu]. In other words, the fact of a criminal conviction means the alleged illegality of the search or arrest has already been decided adversely to the defendant. Since Mitnick pled guilty, he waived his right to argue that the search/arrest was illegal (as well as his appeal rights). Therefore, Heck precludes him from suing.

How many of us suddenly found better ways to satisfy our curiosities when Kevin hit the front page?

I'm not saying there are a bunch of former criminal crackers here, just that there are certianly a bunch of us who took relatively harmless, goodwilled, but less than legitimate routes to find things out. Especially when we and the internet were all much younger.

I'm the only person in United States history that was held without an initial bail hearing.

No, Kevin, you are not. Haven't you been paying attention to the news lately? Ashcroft has disappeared hundreds of people, who are being held without charges and without any right to see attorneys. Most are immigrants (and in many of their cases, their families don't even know where they are), but at least two are US citizens.
None of these folks are getting bail hearings.

Ahem, the key word here is "citizen". Please give links to articles talking about those two citizens. I'm not saying they're non-existent, I just want something to reference instead of "JoeBuck said so on/."

Well, President Lincoln suspended Habeus Corpus [civil-liberties.com] (your right to a speedy trial) for the duration of the Civil War. He then proceeded to have all sorts of war protesters and suspected confederate sympathizers locked up without either hearing or trail.

That's essentially what is done to people put in preventative detention [jpp.org] too. If you read the link, at least 4 people were so held in the 70's and early 80's before Mitnik. There were probably more, and this is eactly what the Feds asked be done with Kevin. They felt he couldn't be given bail, not because of any flight risk, but rather because of the risk of him commiting crimes while on bail (specificly against the Judge or prosecuting attorneys or witnesses).

Not that I'm defending such practices. But its very, very wrong to suggest they are somehow new or unique to Kevin.

Here's a link for Padilla [chargepadilla.org]. Padilla is an enemy combatant [cnn.com] and loses certain rights. Here's an explanation [216.239.57.100] of how it applies to Padilla.

Yaser Esam Hamdi's [vdare.com] citizenship is in limbo. His argument is based off the fact that he was born on US soil. His citizenship status is pretty much undecided until the 14th Amendment is clarified.

Unfortunately, those two don't count. Here's a link for Padilla [chargepadilla.org]. Padilla is an enemy combatant [cnn.com] and loses certain rights. Here's an explanation [216.239.57.100] of how it applies to Padilla.

But isn't that exactly the point? By declaring him an "enemy combatant," he loses, among other things, the right to see the evidence used to make this declaration.

Even after the government backs [cbsnews.com] away [go.com] from Ashcroft's statements about Padilla, and Rumsfeld admits [cnn.com] that there are no plans to try him, a citizen sits in a military prison without a trial, without charges, and without a lawyer. Big Brother says he's a bad man, and the sheep are expected to thank them.

This is a circular argument. Padilla is a citizen of the US. Padilla was declared to be an enemy combatant by the president who then ordered him "disappeared". He was arrested in the Ohare airport by the FBI. That's american soil, a public place, by civilian authorities.

The whole point is that George Bush can make anybody disappear at anytime by simply pointing at their name and saying the words "enemy combatant". That's all it takes. If the person is in the United States at the time that person will just go away and nobody knows where (my suspicion is that they are sent to another country to be tortured most likely israel). If they are not in the US they will be assassinated by the CIA like the guy who got a missle shot at him in Yemen (that guy was also an american citizen).

This is no different then what happens in south america. The people the govt doesn't like disapear.

Really to who? A judge? Which Judge? Is there a jury? It's all moot. All it takes is for the president to say so.

"I'm proud to be an American and I'm impressed by the progress we've made so far to evolve."

Yadda, Yadda, Yadda, flag, apple pie, chevrolet. I say we are moving backwards. The fact of the matter is that I have less freedom today then I did before. I imagine that's pretty much a win for the terrorists.

" The guys in Yemen were hit by a hellfire from a predator aircraft. There wasn't an operative sitting in the car with a gun executing the guys."

I fail to see the distinction.

"The operation was legal under U.S. law."

Yes. It's now legal to assasinate US citizens if they are abroad.

"The target deserved it and the American with him probably did too"

And you know this how?

"Yeah, he could have been innocent of providing assistance to terrorists...in a movie"

Yes because in real life innocent people are never accused of crimes or found guilty of the. Innocent people also have never been to jail or put on death row. Because in america we are infallible and our president is all knowing. After all god himself chose this country and appointed this president and everybody knows eating apple pies and driving chevrolets makes you infallible.

"Supposedly, they did not know that an American citizen was with him. That's an honest mistake."

Oops you just contradicted yourself. Did the guy deserve it or was he there by accident? Oh well it's OK to kill american citizens with a missle if it's an honest mistake. We may be infallible but the CIA operatives in yemen probably were not eating apple pie and driving chevrolets. That's why they made this honest mistake.

"This is an extremely perverted comparison."

Really? I don't think so. Here I'll hit you with this one too. There is no real difference between the conctration camps set up by hitler and the contration camps set up by bush. Ok maybe the conditions are better (but then again how would any of us know) but the idea is the same. Round people up and send them away to a distant concentration camp to be "interrogated".

As a former paratrooper (3/505th PIR / 82d abn) I would like to remind people of this (carnivore if you read this send it to your big boss)

(possibly paraphrasing) "We hold these truths to be self evident, that all men are created equal and all men have certain inalienable rights"

Thomas Jefferson and Ben Franklin never once uttered the phrase "All Americans have certain inalienable rights.
Padilla, Hamdi and ALL imorally and unjustly detained foreign nationals have certain inalienable rights and I can only hope that J. Ashcroft and his superiors are held accountable for this gross breech of liberty. I for one favor the idea of impeachment.

Yeah, we all had a cute chuckle when someone posted this in the original "Ask Kevin" story. And it was rightfully modded 5, Funny. But considering that slashdot only submits 10 of the top rated questions to interviewees, I would really like to see no more Funny comments taking up an important slot. If you'll remember, there were tons of Interesting and Insightful questions rated with a score of 5 that were presented as possible questions for Mitnick. It annoys me that some truly important question was dropped to make room for the PayPal joke.

My request for the editors is to either (a) don't include Funny comments in the 10 questions you submit to an interviewee or (b) bump up the number of questions to 20 or something. If anyone else agrees with me, I encourage you to reply to this thread so the editors take note.

Actually it is interesting. Kevin's response to a funny question tells us a lot about him, he's got a sense of humor and it's much like ours. Contrast that to Shatner, or some of the other interview subjects.

Slashdot doesn't really send ten questions, just the questions of ten people. They should either send about 2500 words (of the top of my head) and let it be any number of actual questions so the short funny ones don't "waste" anything, ditto with the other (serious) short obvious ones that will be answered with essentially a form letter. Or, get serious about the limit of ten questions, one per comment, and start ignoring multi-question comments.

Or maybe "funny" comments shouldn't be counted against the 10 that will be submitted. Make it optional for the interviewee to answer the funny extra questions, and this way they don't infringe on the 10 important ones.

His treatment was far beyond what was reasonable for a non-violent, repeat criminal suspected of theft.

The calculation of the value stolen is silly. We laugh when software companies these days equate a copied program to a direct monetary loss. Can you imagine if someone copied NFL-2003 and was charged with the full development costs, plus the yearly publicity costs of the NFL, etc... It's ridiculous, and yet this is the math that contributed to him being considered a terrorist. Nobody panics when someone "steals" access to files that would have cost $2000 in total to have printed and delivered. They knew this and inflated the figures, thinking that $300 million would be much more impressive.

Also, eight months in solitary confinement!? For what? Did he attack the other prisoners? Getting eight months in solitary is fairly difficult for even violent criminals, yet they did this based on the ridiculous idea that he could call in a nuclear strike? What do they do to any other criminal who has potential connections on the outside? Why treat him differently than a Mafia Don who might still be in charge? If they can manage to keep phone access away from some people without putting them in solitary, why can't they manage it with Kevin?

They called him a terrorist and it justified doing pretty much anything they could want to do. He was one of the first to be persecuted this way, beyond any rational comparison to his crimes, but he won't be last.

Having lived through one of Kevin's early penetrations (that of Digital Equipment Corporation) I can report that the damage was large.

The issue is not whether Kevin damanged the machines directly: as he says, he probably did not. The problem is that as a manufacturer, if the systems you build products on *might* have been compromised, you can no longer trust them, and get to rebuild them from scratch (get out distribution disks from before any possibility of compromise, reinstall from scratch, rebuild, and examine all source code that might have been edited). As a manufacturer, you owe it to your customers to be very careful about trojan horses, etc. You don't know all of what *might* have been done to the systems, and you certainly can't allow such things to end up in products shipped to end customers.

It is this cleanup of hundreds and/or thousands of systems (since you may not know exactly what has been compromised in an attack) that causes havoc and great damages to the victims.
- Jim

Anonymous Coward trolls:Give us a phone number to call this company:Well Jim, I would love to confirm your employment when Kevin damaged your system. I imagine your full of it. Just my personal opinion.

Well first off, to confirm that the account [slashdot.org] belongs to Jim Gettys [handhelds.org], this account has been posting to slashdot for years, including posting in articles about himself and his work, and you are the first person I've seen accuse him of being "full of it". If the jg account on slashdot were a fake, I'm certain there would be a number of his friends and coworkers pointing this out. There haven't been, so I will assume it's him.

Secondly, since you appear to have been asleep for the past ten years, you cannot call Digital Equipment Corporation, because they no longer exist. They were acquired by Compaq, which was acquired by Hewlett Packard. Sure enough, Mr. Gettys works for Hewlett Packard now, in the HP Labs [hp.com] division.

His employment at Digital is a matter of public record. He's even listed as a DEC employee in RFC 2068 [ietf.org]. If you really want to confirm his employment, I suggest you hunt down HP's Human Resources (or Media Relations, they might have a biography) department yourself.

While I am aware that Kevin Mitnick is a more recognized name for many people, Jim Gettys is far more deserving of fame. Both The X Window System and HTTP are the way they are today partially due to his hard work. Kevin Mitnick did something stupid, got caught doing it, and was abused by the government; Jim Gettys actually created things we use every day.

It's not just restoring the machine, which can take a few hours these days, and probably took a couple times longer back then. You also have to back-track and inspect any changes done to the code since the compromise. What do you think they should have done? Restored and just deleted ALL changes made since then?

It takes a lot of work and time to recover from a compromise of an important system. You have no idea WHAT was done, you don't want to miss anything, yet you also want to minimize the amount of work that will have to be redone or lost forever.

Please don't take these comments personally: they are directed at everyone here with similar attitudes.

First, if you weren't managing a reasonable-sized installation in 1989, you are not qualified to comment on best practice: you have no idea what it was like to do so. (I was, and do.)

Tripwire?? Tripwire barely existed yet, and no one used it. Secret-key encryption was more-or-less illegal because of governmental administrative rules. Public-key encryption was the legal property of RSA Inc., and as a result no reasonable tools were built and distributed that used it. There was no DSA. So all the 'leet security tools everyone seems astounded jg wasn't using were not even close to options. No SSH, obviously. Not even encrypted telnet.

Backups? Backups were on the fancy new 1GB Exabyte tape drives, if you were lucky. The less-lucky were still using 9-track tape. Restore times were literally overnight: disks were slow, and much of the restore process was (get this) CPU-limited. The number of operators skilled enough to perform restoration from backups was small: that job paid better at the time than web-monkeys got at the height of the.com era.
And remember: more or less the whole organization (DEC, for Pete's sake, one of the largest computer companies in the world at the time) was down while the restore completed, due to the joys of centralized computing.

Do I think that Mitnick "got what he deserved"? No: he was persecuted and prosecuted beyond the extent his legal and ethical crimes deserved. Do I think he caused a lot of very clueful people lots of legitimate grief for no good reason? You bet. Even he seems to think that. Hopefully you can understand the compatibility of these two viewpoints, and not just blame the victims for Markoff's and the government's sins.

I've been spending a lot of time emailing people that have written me in the past couple of weeks. I know you've been out of the internet-loop for a while, and probably haven't checked your email in like 6 years so....

Just a tip, pal - that message about some hot Russian chick that wants you to look at her and her friends on her web cam....Well...

And the idea that Microsoft is tracking an email and will give you $100 if you forward it or some such...

And the tons and tons of email from all your friends with the subject "I Love You"...

And the guy in Uganda that needs help smuggling all his money, and has a cool offer for you...

Fear is what has caused more pain and suffering in 'good' people people since the dawn of time. A few people in Mitnick's time used this fear to strike terror in the hearts and minds of millions of Americans. These people are the terrorists not Mitnick. He was nothing more than a victim of the fear inspired by Markoff and others. In reality there are literally thousands of other 'hackers' that have caused way more damage than he could ever hope to achieve. The books, headlines and the hacker movies have told non hackers and non computer users a different story from reality.

When a movie was made about hacking and Kevin's name was used it further proves the statement of fear. Our government is using tools far more powerful than any 'hacker' has ever been able to have access too to watch our every single move.

In an Orwellian world the government needs to extend blame onto otherwise innocent people so they can stand on their backs to be heard and in turn gain more power. While there may not be a huge government conspiracy to ruin Mitnick, the media and government have a field day. This is exactly how they are able to name a few terrorists and go off to war with full support.

The software providers and the music/movie business will claim that they lost the retail price of everything copied. That's even though they sell their products much cheaper to resellers. Every piece of software and media copied doesn't mean a direct loss is inflicted. The way the law stands that it's illegal to have a copy of illegally copied software in your posession. Most of the copied material is by young kids and college students. Neither have the means to pay for; nor the need to buy 99% of what they have. In many ways piracy is free advertising. Record sales have risen at least 20% since the invention of the mp3. For the first time other bands that might not even be stocked at your local record store are heard. You cannot get away with using copied software in a corporate business. Corporate sales reflect a vast majority of total sales. Even if someone finds a program to download and likes it; they are still required to have someone to pay for it to use at work professionally. In this way more good products are sold. They are bought for their utility rather than fancy packaging and/or advertising. There are several groups that go to corporate sites and audit their systems to make sure that they are properly licensed. For all the bands that complain about Napster and filesharing in general get front page advertising or even cartoons about them.

I find it disturbing that there is so little comment on perhaps the biggest issue here, the effect the NYT reporting had on the process Mr. Mitnick was due. If the NYT--the "paper of record"--was so inaccurate about the facts of this case, how can we trust any of its content? Many people will not want to be confused with the facts and continue to judge Mr. Mitnick based on false or exaggerated information. How is this right? How many other things is the NYT wrong about? (From my own reasearch and experience, plenty.)

In the above, Mr. Mitnick asserts that Mr. Markoff libeled him extensively and caused him no end of personal distress, excessive legal punishment, and so on and so forth. That may very well all be true.

But if it is true, why hasn't Mr. Mitnick sued Mr. Markoff, the New York Times, his book publishers et. al. for libel? That's what libel law is there for... if these things are true, then they should be exposed in a court of law, the truth would be revealed for all to see, and Mr. Mitnick should receive some very hefty compensatory damages. Mr. Mitnick would win big if even a tenth of what he describes above is true, since he would have qualified at the time under libel statutes as a "private citizen" rather than a "public figure," so the threshold of showing libelousness would be quite low.

So why isn't he suing Mr. Markoff? Don't say it's because he doesn't have the money, because plenty of lawyers will work on a contingency basis, especially for something as high-profile and (if the above is true) lucrative as this. If Mr. Mitnick can back up what he's saying here, why isn't this all coming out in a court of law? And don't say "Markoff should have to prove he's right, not Mitnick," because if Mr. Mitnick sues for libel Mr. Markoff will have to do just that (produce his notes, documents, etc. to verify where he received all his information), but he doesn't have to do this if Mr. Mitnick doesn't sue.

I don't know Mr. Markoff or Mr. Mitnick, and I have no idea what the real truth is here. But for some reason the fact that Mr. Mitnick talks at great length about all these abuses but is not willing to test them in court seems indicative of something to me...

Add to that fact that Markoff refuses, as Mitnick points out, to acknowledge a prior relationship with him. So any talk he had with Mitnick concerning the purchase of rights to his story has somehow been 'forgotten' by Markoff. Mitnick would somehow have to convince a jury that:

(a) he is credible, and his word should be believed--that is, that they did have a prior working relationship. (Uhhh.. not gonna happen.) Or,

(b) the two did talk at some point in the past, and in some traceable manner. If it was by telephone, then he'd have to get ahold of the phone records.. quite possibly destroyed by now. Or, find the emails sent back and forth.. no doubt impounded as evidence by the DoJ. Considering the attitudes of the arrogant pricks at the DoJ, what do you think his chances are of getting those back?

I think he's taking the high road. Really, the best thing he could do to get back at them at this point would be to.. well.. write his own book and outsell Markoff.:) But even that would be a bit risky right now.

Plus, correct me if I'm wrong, but as a convicted criminal, isn't he not allowed to benefit monetarily from his crimes? So even if he did manage to sue Markoff, the gov't would get the money, not him. And I have such contempt for the US gov't right now that I would bet all of it would go directly to the DoJ.

Come to think of it, they'd probably take any money he'd make off a book deal, too..... *sigh*... I hate water monopolies.....

I'm not defending Mitnick's actions. He did lots of things that were wrong and deserving of punishment. However, he was screwed over by the Government in his trial and imprisonment.

Clearly, the Government was using Mitnick as an example to all the other would-be hackers. They completely ignored Mitnick's rights to a "speedy trial," denied him a bail hearing, and so forth in order to achieve their goal. I've heard of RAPISTS who served less time than Mitnick did.

Second, I believe that the Government was also "testing the waters" with Mitnick as to how they could hold someone while violating due process. They painted the picture of him being an extremely dangerous criminal, almost to the point of labeling him as a terrorist (and this was pre-9/11, as well). Perhaps they wanted to see if they could make someone look dangerous enough that the public would support an unconstitutional imprisonment of that person.

Either way, I feel Mitnick was unjustly treated by the Government. There was absolutely no need to treat him the way he was treated in order to convict him of the things he was guilty of.

Anyway, Kevin's "social engineering" skills should clearly be an eye opener for anyone who implements security, computer security or otherwise. People themselves are often the weakest link of security. It doesn't matter if a password is encrypted with the highest grade encryption available if someone just tells it to an attacker over the phone.

The Free Kevin campaign was initiated by a group of people who realized that Federal prosecutors and the Federal judiciary had turned a blind eye to my constitutional rights and statutory law that protects any person accused of a crime.

I have to agree with you. He broke the law, and was caught, multiple times. It makes sense that he was locked up for a reasonably long period of time, as he had been arrested a couple of times before, for similar crimes.

On the other hand, he was not prosecuted in a fair manner. Regardless of his past history, he deserved better treatment then what he recieved. Prosecution of computer crime is likely to increase over time, and it is important to place emphasis on these criminal cases, so as to avoid unfair prosecution in the future.

I disagree with you about the pathetic thing. Sure, his crimes were not that technically advanced. Yes, he did break the law multiple times. No, there is nothing wrong with taking advantage of the celebrity that has built up around him.

What he needs to do now is to avoid repeating his past behavior. If he does, that journalist he dislikes so much will be proven to have been a decent judge of character, and he will have discredited those who supported him.

It is illegal to ignore someone's constitutional rights. He suffered due to this. It ain't a bad thing if he now can get some relief with being a hero. Maybe it will teach the justice department something?

I realize that I am feeding a troll here, but are you saying that you would prefer that/. not interview him? You don't think that an interview with a well known computer criminal is worth reading? Maybe we should put you in charge of the "Good Taste Commission" and you can decide who is worthy of an interview.

Many of us used 'illegitimate" learning methods back in the 80's and early 90's. There wasn't much you could do with a Trash80. We feel for him. Many of us could have ended up like him (probably to a lesser degree) if only we had been more savvy and/or less cautious. We never wanted to cause ANY problems. Just to learn. How does a 15 year old in 1986 learn about Unix? He goes to the nearest University and cracks the system.

I was a 15 year old in 1986. I wanted to learn about Unix.
I went to the local University and TOOK CLASSES, you jerk-off.

And weren't you just the norm? Personally, as a hiring practice I would be suspicious of anyone who claimed that as a 15 yr old in the 80s they took classes at a uni for unix. Not to mention that those who learned the other way probably still get off on hacking you:-)

Sorry but you are confusing fame and morals. They live in different worlds. Talking candidly with someone regardless of their past is based on DEMAND, not morals. "Why? Because we're interested, dummy!"

So why are we interested? Well, for the large part of the readership, there's no need to garner hacking tips or concepts from this guy. His methods were devious and ingenious for the time, though. Plus, a very small percentage of people reading here are actually hacking anything of importance (out of a small % of people even trying). Last hack I did was trying to recover a password protected word file. HA

Anyway, THIS GUY IS A CELEBRITY BECAUSE he took a road less travelled and is now exposing the path he took. A unique life, how is yours?

Much more interesting than 100.00% of the TV Guide/OK/Hello/People/Time/Newsweek brainfood out there. Slashdot is where this news should be. What are you here to read?

Probably, it's a "there but for the grace of ghod" thing. If you boil away all the hype, what he did was certainly not right, but most of us here at Slashdot understand the urge, and if circumstances were different, could have easily *been* him. I know I could have been, had things been different.

Add to that the fact that they hype machine turned him from a minor delinquent to a major terrorist. Score extra sympathy points for unconstitutional treatment.

Now add the other side of the hype machine. A guy that could start a nuclear war with a simple phone call. A guy that roams unchecked through the most secure machines in the world.

Put all those together... the sense of identification, the sympathy, and the larger-than-life myth. I think it's easy to see why he's a celebrity.

Thats not to say he's a not a criminal, as you describe. But he's no more a criminal than the PC maintenance guy that looks at data on a machine he or she is repairing. Or someone who reads the papers sitting out on someone elses desk. No theft, no intentional vandalism, just access to information he or she didn't have.

I hope he gets a fair shake, and does well with his company. He got railroaded, and deserves better.

"But he's no more a criminal than the PC maintenance guy that looks at data on a machine he or she is repairing. Or someone who reads the papers sitting out on someone elses desk. No theft, no intentional vandalism, just access to information he or she didn't have."

A better example would be someone who drives into an industrail park, opens a locked door using a credit card, rumages around in peoples filing cabinets, and photocopies some things he finds interesting and then leaves.

Although I admit going through unauthorized systems is a trip, it is still illegal.

I think part of the reason is because, as he points out above, the *gross* miscarriage of justice in his case. As Mitnick himself states he was held in solitary confinement for 8 months because the prosecution was able to convince a technologically uneducated judge that if Mitnick gained access to a payphone he could launch nuclear missiles. He was held without a bail hearing for 4 1/2 years. Up in Vancouver here, some street racers just got sentenced the other day to 2 years house arrest for mowing down and killing a pedestrian, yet he spends 8 years + in the clink for essentially copying software?
And of course the reason it resonates with a lot of the Slashdot crowd is that some of their activities when they were younger might not have been so different. And if that happened to Mitnick, who is to say it wouldn't happen to them?

no, but he probably hacked into/. to put up the "ask kevin" story, convinced taco that he was michael, michael that he was rob, and rob that he was a gay taco... he probably hax0r3d all the questions too. Shame on you kevin! Using/. for your... *raises sideways pinky finger to lips* EVIL PLAN!

Well, I see your point BUT I also think that you could make the argument that in the case you cite, he wasn't in a position of trust. There was no reason for a caller without any real credentials to be considered to be telling the truth until some verification has ben done. Such verification was not done. Thus he was trusted but incorrectly so. I don't know - I guess he abused the trust he was given but he was given that trust incorrectly. He may have been referring more to his professional work rather than his hijinx on the phone.

What it means to abuse a position of trust, would be something like gaining employment somewhere to commit crimes against your employer. Such as a security professional getting a job at a company and then installing backdoors for himself on the company's systems.

That's not what abusing a position of trust means. It means, when you are placed in a position of responsibility, not living up to the trust placed in you. For example a customs officer who helps in smuggling is abusing a position of trust (among other things). An ordinary person who smuggled goods would not be abusing a position of trust, because they were never in that position to start with. It doesn't just mean general dishonesty or confidence trickery.

So if Mr Mitnick had been appointed as a security consultant and used that to break into systems for personal gain, that would be an abuse of trust. As it is, he doesn't seem to have committed this kind of dishonesty, whatever else he did.

As others have pointed out, he abused trust that should never have been given.

On the other hand, if it is true that someone in his Lawyers office was "spying" on his defense team, then they were abusing positions of trust in a much bigger way. I find the governments behavior in all of this to be much more troubling than Kevin's, they are after all "officers of the court". Yes, there are special circumstances where they may lie and cheat to catch a criminal, but lies and distortions in the courtroom are more than an abuse of trust, they are an abuse of the justice system. If we can't rely on their truethfulness in the courtroom, then the whole house of cards falls down.

And yet, for some reason, he was never accused [in court, by the prosecution] of abusing a position of trust. The implication is that the punishment he received is usually reserved for someone who does these things, and that therefore it was strange for him to receive this punishment. The meaning is clear: why did he receive this punishment, if the legal point on which this punishment typically depends was never brought up?

Of course he abused trust. But that fact was never legally resolved, or even brought up. Instead of being punished under the law exclusively for crimes he was proven to commit under the law, it seems that he was punished in part based on hyperbole and misrepresentation of the facts, as well as legally established actions which, by themselves, typically do not merit the legal punishment he received.

In short, he was punished for abusing a position of trust, but was never legally accused of doing so, and was never legally proven to have done so. It's a problem, and worth pointing out (as many people have done).

Lest you complain that this is a "distinction without a difference", may I remind you that the U.S. government is currently planning a preemptive strike against Iraq without any clear evidence that Iraq presently merits such a thing? Either we're wrong to put Kevin away for crimes he probably committed but we can't be bothered to prove, or we're right to attack Iraq at this time even though we can't prove beyond doubt that such a thing is necessary. Make up your mind... for great justice!

yeah, he's famous... but you could be too if you went out and murdered either someone famous or a bunch of regular joes. Mitnick went to jail... I would rather live my whole life as one of slashdots "teaming masses" if I didn't have to spend 5 years in prison. That's a conscious choice I make practically every day. I don't envy Mitnick for his fame.

Have you ever been arrested or locked up for an extended period? I was only in a cramped holding cell once with other people for 48 hours, but I can tell you I would not trade my freedom for anything.

Do you know what SuperMax is? It's a prison for "the worst" offenders (most of whom I have no doubt I would not like to meet). In a supermax prison you are in lockdown 23.5 hours a day, on your own, all alone, with basically four walls and a near fully covered door. No voices, no visitors, no NOTHING. Good god, and they wonder why guys released from these places after 10 year senteces loose it on the outside, what the hell do you EXPECT!

Prison is a 5' room. Isolation is the total absence of ANYONE ELSE AT ALL. Think of this, we're not talking about a couple hours with a book or a few days away, we are talking about YEARS in a sterile closet with only intermittent interaction with others.

The media has succeeded in recent years in convincing the general public that prison is some kind of playground, and that sentences can never be strict enough for criminals. This is one of the most laughable misconceptions I have ever come across.

However, it is not as laughable as the belief that the government "doesn't incarcerate innocent people" or that "a small number of innocent incarcerations is acceptable". You laugh, but I had a deep conversation with a Brooklyn ADA in which he stated, POINT BLANK, that he believed he was justified in manipulating situations to get people convicted, even if he had reason to believe they were innocent. He argued that there were acceptable losses... good god, and they say the medical system needs an overhaul!

You're quite wrong. People are not locked up based onhow much damage they can do. They're locked up,theoretically, based on how much damage they *did*.

As for the calculation of the damage that Mr. Mitnickdid, he alleges not that he should have been allowed todetermine the value, but rather that "WE" got it wrong.Clearly he is not disinterested in this assessment, butit's certainly plausible that he's right.

We don't lock up people based on how much damage THEY think they can do, we lock them up based on how much damage WE think they can do

What? We lock people up because we have convicted them of crimes, or because they are awaiting trial, which is guaranteed by the Constitution to be "speedy and public". Mitnick was locked up for 4.5 years before his trial, something that is unheard of.

What you're talking about is straight out of "Minority Report", locking people up for "precrime".

Now, given Mitnick's career, he's basically a con man, and I certainly wouldn't trust him even now.
Just the same, even con men have rights.

This is all interesting information, but it doesn't sound like he really learned anything. He still advocates illegal activity and seems oblivious to the basic idea of penal theory.

How many times must the guy say "I did the wrong thing and deserved to be punished for it" until you think he learned something? I thought he brought up some very good points about how he was denied his consitutional rights. There is nothing in the consitution which gives a judge the right to trample someone's right just because he or she is ignorant about the specifics of the case.

First off, where is he advocating illegal activity? Not one place in the interview does Kevin express that he would like someone to go out and do something illegal. In fact, he is advocating not committing computer crime, and gives alternative legal methods if you still care to learn about hacking.

Secondly, what country do I live in again? The basic premise of justice is that an illegal action can be counterbalanced by restitution. The subtle concept here is that the penal system does not exist to punish, but rather it exists to rehabilitate. (Its supposed to at any rate, YMWV). So we shouldn't be locking up people based on what others think or worry about, we should be locking them up based on what damage they have actually caused. The reason Kevin is a hero, is not because he was a hacker, it is because he survived an ordeal that should never have happened in this country. And in so doing, he and others have brought to our attention just how out of control the justice system in this country is at the moment.

Why has a large majority of population of the United States suddenly forgotten our government, our law, is based on a constitution? Why all of a sudden is it OK to ignore laws in some cases, enforce them in others, and blow them way out of proportion in yet others? Is there some type of Moore's Law in relation to repeating history?

The moment our laws reflect our fears rather then the facts will be the moment in which we are all doomed. Like money, laws are not tangible things. Laws are based on the faith of the people. The more the justice system fails to follow procedure and law, the less faith citizens will have in those laws. If citizens lose faith in the justice system, justice and laws will no longer have any power.

Is this the same PhysicsGenius who posted the referred question? If so, you might or might not be a genius at physics, but your reading skills leave something to be desired.

He still advocates illegal activity

To quote from Kevin's answer to (I think) your question:

I don't encourage, and in fact, discourage anyone from doing any illegal activity that affects other's property rights. However, I do advocate hacking in the sense that it does not amount to illegal or unethical behavior. Since the cost of computing is significantly lower nowadays, one activity may involve setting up a LAN with different computing platforms and attacking those systems in order to find vulnerabilities.

Which part of that statement is encouraging illegal activity? He's simply suggesting that one can "hack" (not "crack"--learn to distinguish the two terms or suffer the wrath of/.) on your own personal computer/LAN without the need to illegally access 3rd party systems. And he states quite clearly in the opening sentence that HE DISCOURAGES ILLEGAL ACTIVITIES (in caps so you catch it this time).

You also say:

and seems oblivious to the basic idea of penal theory./

Oh, you mean the part where he was held in prison for 4.5 years without any charges filed against him? Well, let's just take a look at what the Constitution of the United States has to say about the subject:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger;

Now, let's take a look at the facts of the case: Kevin was arrested in February 1995. The indictment was not filed against him until September 1996. That's roughly 19-20 months that Kevin sat in prison (8 of them in solitary confinement) while there were no charges filed against him.

And here is the code, thank U.C. Berkeley for the copyright longer than the code.#!/bin/sh -# $NetBSD: wargames.sh,v 1.3 1999/11/16 17:27:14 abs Exp $## Copyright (c) 1985, 1993# The Regents of the University of California. All rights reserved.## Redistribution and use in source and binary forms, with or without# modification, are permitted provided that the following conditions# are met:# 1. Redistributions of source code must retain the above copyright# notice, this list of conditions and the following disclaimer.# 2. Redistributions in binary form must reproduce the above copyright# notice, this list of conditions and the following disclaimer in the# documentation and/or other materials provided with the distribution.# 3. All advertising materials mentioning features or use of this software# must display the following acknowledgement:# This product includes software developed by the University of# California, Berkeley and its contributors.# 4. Neither the name of the University nor the names of its contributors# may be used to endorse or promote products derived from this software# without specific prior written permission.## THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF# SUCH DAMAGE.## @(#)wargames.sh 8.1 (Berkeley) 5/31/93#echo -n "Would you like to play a game? "read x

x=`echo $x | sed 's/[^-a-z0-9]//g'`

if [ -f/usr/games/$x ] ; then
tput clear
exec/usr/games/$xelse
# Original quote "Strange game, the only winning move is not to play."
echo "Strange, the only winning move is not to play."fiexit 0

He has always been saying that what he did was wrong. He isn't trying to justify his actions. All he is really saying is that he was treated worse than those actions called for, and he doesn't appreciate it.

The constitutional rights you possess are not something you can "sign" away. The constitution guarantees those rights to all it's citizens, there is no provision for transferring your rights.

What bullshit. Of course you can sign them away. Enter a guilty plea as part of a plea bargain and with the stroke of a pen you have wiped out your right to appeal, the right of jury trial, the right to confront and cross-examine witnesses, the right to have witnesses in your favor subpoenaed into court, the right to be free from unreasonable searches and seizures if you are on probation or parole, possibly the right to vote and to keep and bear arms, um, shall I continue? IAAL.